Is Proxmox affected by this one?? - Systemd vsock sshd - Vulnerability

Bingo600

Aug 15, 2024
Just noticed this one on the mailing list: oss-security

It refers to this one.
https://www.openwall.com/lists/oss-security/2025/12/28/4

Is Proxmox affected??


How does one (easiest) tell sshd to "ignore" vsock?
Or disable this "new feature" :eek:

/Bingo


My (Fully updated) Proxmox 9.1.4 shows:

Code:
# systemctl --version
systemd 257 (257.9-1~deb13u1)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +BTF -XKBCOMMON -UTMP +SYSVINIT +LIBARCHIVE
Just noticed this file:
/etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf

Code:
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Allow connecting to the local host directly via ".host"
Host .host machine/.host
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy unix/run/ssh-unix-local/socket %p
        ProxyUseFdpass yes
        CheckHostIP no

# Make sure unix/* and vsock/* can be used to connect to AF_UNIX and AF_VSOCK paths.
# Make sure machine/* can be used to connect to local machines registered in machined.
#
Host unix/* vsock/* machine/*
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
        ProxyUseFdpass yes
        CheckHostIP no

        # Disable all kinds of host identity checks, since these addresses are generally ephemeral.
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null

Would the line
Host unix/* vsock/* machine/*

be where to fiddle?


Not super keen on losing my ssh access to the Proxmox hypervisor.
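
Added example, not part of the original post and not Proxmox or systemd code: a small POSIX shell function (the name `audit_ssh_dropin` is made up here) that reads an OpenSSH client drop-in such as the one quoted above and reports, per `Host` block, which proxy program it uses and whether host key verification is switched off. It assumes one keyword per line and does not follow `Include` or `Match` directives.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenSSH *client* config drop-in.
# audit_ssh_dropin FILE prints one line per Host block:
#   <patterns>|proxy=<program or ->|hostkey=<checked|unchecked>
audit_ssh_dropin() {
    awk '
    function flush() {
        if (host != "")
            printf "%s|proxy=%s|hostkey=%s\n", host,
                   (proxy != "" ? proxy : "-"), (weak ? "unchecked" : "checked")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        key = line; sub(/[ \t=].*$/, "", key); key = tolower(key)
        val = line; sub(/^[^ \t=]+[ \t=]+/, "", val); sub(/[ \t]+$/, "", val)
    }
    key == "host"         { flush(); host = val; proxy = ""; weak = 0; next }
    key == "proxycommand" { split(val, a, /[ \t]+/); proxy = a[1] }
    # Host key verification is off when new keys are auto-accepted or never stored.
    key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/ { weak = 1 }
    key == "userknownhostsfile"    && val == "/dev/null"          { weak = 1 }
    END { flush() }
    ' "$1"
}

# Sample input: the drop-in quoted in the post, comment lines omitted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host .host machine/.host
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy unix/run/ssh-unix-local/socket %p
        ProxyUseFdpass yes
        CheckHostIP no

Host unix/* vsock/* machine/*
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
        ProxyUseFdpass yes
        CheckHostIP no
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null
EOF
audit_ssh_dropin "$sample"
```

On a real system, pass the path of the drop-in itself instead of the temporary sample file.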